CVE-2026-28701
Last modified
CVE-2026-28701 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.. EPSS estimates a 0.84% chance of exploitation in the next 30 days.
Description
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Daktronics | Dmp-5000 Firmware | < 8.117.0.0 |
| Daktronics | Dmp-5000 Firmware | >= 9.0.0.0, < 9.43.0.0 |
| Daktronics | Dmp-5000 Firmware | >= 10.0.0.0, < 10.34.0.0 |
| Daktronics | Dmp-8000 Firmware | < 8.117.0.0 |
| Daktronics | Dmp-8000 Firmware | >= 9.0.0.0, < 9.43.0.0 |
| Daktronics | Dmp-8000 Firmware | >= 10.0.0.0, < 10.34.0.0 |
| Daktronics | Vfc-Dmp-5000 Firmware | < 8.117.0.0 |
| Daktronics | Vfc-Dmp-5000 Firmware | >= 9.0.0.0, < 9.43.0.0 |
| Daktronics | Vfc-Dmp-5000 Firmware | >= 10.0.0.0, < 10.34.0.0 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-28701?
How severe is CVE-2026-28701?
How do I fix CVE-2026-28701?
Related CVEs from 2026
- CVE-2026-28693ImageMagick is free and open-source software used for editin…8.1
- CVE-2026-28695Craft is a content management system (CMS). There is an auth…7.2
- CVE-2026-28696Craft is a content management system (CMS). Prior to 4.17.0-…7.5
- CVE-2026-28697Craft is a content management system (CMS). Prior to 4.17.0-…9.1
- CVE-2026-28699Gitea versions up to and including 1.26.1 allow OAuth2 acces…8.1
- CVE-2026-2870A security flaw has been discovered in Tenda A21 1.0.0.0. Af…8.8
- CVE-2026-28703Zohocorp ManageEngine Exchange Reporter Plus versions before…4.8
- CVE-2026-28704Emocheck insecurely loads Dynamic Link Libraries (DLLs). If …8.4
- CVE-2026-28705Gitea versions before 1.25.5 use release tag names and asset…5.3
- CVE-2026-28709Unauthorized resource manipulation due to improper authoriza…4.3
- CVE-2026-2871A weakness has been identified in Tenda A21 1.0.0.0. This af…8.8
- CVE-2026-28710Sensitive information disclosure and manipulation due to imp…9.8
Are you affected by CVE-2026-28701?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
